IETF Logo Mail Archive

Re: [TLS] Deployment ... Re: This working group has failed

Andy Lutomirski <luto@amacapital.net> Wed, 27 November 2013 22:08 UTC

Return-Path: <luto@amacapital.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 40E3C1AD937 for <tls@ietfa.amsl.com>; Wed, 27 Nov 2013 14:08:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.979
X-Spam-Level:
X-Spam-Status: No, score=-1.979 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id q99Fq5QOS3dm for <tls@ietfa.amsl.com>; Wed, 27 Nov 2013 14:08:56 -0800 (PST)
Received: from mail-ve0-f173.google.com (mail-ve0-f173.google.com [209.85.128.173]) by ietfa.amsl.com (Postfix) with ESMTP id 4DA961AD6A4 for <tls@ietf.org>; Wed, 27 Nov 2013 14:08:56 -0800 (PST)
Received: by mail-ve0-f173.google.com with SMTP id oz11so5702173veb.32 for <tls@ietf.org>; Wed, 27 Nov 2013 14:08:55 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=FwEMNz9eUS0kpTLhi9U9wcV+Ee92QaSgNFGxDkn/Lyk=; b=mLslgWCcNWEKYprzCHwkLNQUDC/Zokai5+adH99MJLVXmXtHFzL4Fhw6bEo/CDdDsq CWLc6TeP51T7ayZQEfa2h/1NBQL6q39V7RzVLEFpNA/Zh+OdImVXTwluFDqyibSUEfhp eVHOuHsuMWFw03ttGKnjZkzM+W866CVleWj85OsRTAS2xgwVShb7lpY6L4H+wiMSS4Wz iIj/0thLp7+cTP4LM99+pwfO3ldXi8XIIHaVigUEItB6aJ6Piw+yj/ZmJLYekCrpktct 1+RyyvLgtQN1TwOo2LQBQC4OUayyH0RqO8hmddMhu5tJakmRVVM7rAz6t02zYTnfSbw/ n/0Q==
X-Gm-Message-State: ALoCoQnugj7k5czGhbhsL6Z40fZrh7TKGqZvIi7fxDh0OlxijboBiVud30fkxZeAJUwN8kVv9KJb
X-Received: by 10.220.47.10 with SMTP id l10mr1773798vcf.32.1385590135425; Wed, 27 Nov 2013 14:08:55 -0800 (PST)
MIME-Version: 1.0
Received: by 10.58.8.18 with HTTP; Wed, 27 Nov 2013 14:08:35 -0800 (PST)
In-Reply-To: <E7D8565E-64D0-443A-AB72-3F0B9F7AA0D5@checkpoint.com>
References: <9A043F3CF02CD34C8E74AC1594475C736541CBFC@uxcn10-tdc06.UoA.auckland.ac.nz> <CALCETrVeBHqckreYHmaiNONZ8Yj-om5+yQv+ZOfs0Qpj7xXOUA@mail.gmail.com> <BLU0-SMTP2032BA7A56EA05E1C2679F7B1EF0@phx.gbl> <52964E4B.5010208@mit.edu> <E7D8565E-64D0-443A-AB72-3F0B9F7AA0D5@checkpoint.com>
From: Andy Lutomirski <luto@amacapital.net>
Date: Wed, 27 Nov 2013 14:08:35 -0800
Message-ID: <CALCETrWkedEubJUujtkua7w6qosSeHagZWf9KeTnKFU65yuKSQ@mail.gmail.com>
To: Yoav Nir <ynir@checkpoint.com>
Content-Type: text/plain; charset="ISO-8859-1"
Cc: "tls@ietf.org" <tls@ietf.org>, Peter Gutmann <p.gutmann@auckland.ac.nz>
Subject: Re: [TLS] Deployment ... Re: This working group has failed
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Nov 2013 22:08:58 -0000

On Wed, Nov 27, 2013 at 1:22 PM, Yoav Nir <ynir@checkpoint.com> wrote:
> On Nov 27, 2013, at 9:55 PM, Andy Lutomirski <luto@amacapital.net>
>  wrote:
>>>> Not at all.  I didn't say "bundled set of trust roots;" I said
>>>> "explicitly chosen".  This would ban, for example:
>>>>
>>>>  - stunnel in client mode with verify = 0 or verify = 1
>>>>  - OpenSSL's SSL_VERIFY_NONE mode
>>>>  - The default behavior of Python's urllib2 module
>>>>
>>>> etc.  If an implementation wanted to offer a scary opt-in way to say
>>>> "make me completely insecure", I have no problem with that.  It's
>>>> unacceptable, though, that the default behavior of a lot of libraries
>>>> is to skip verification.
>>>>
>>>> I personally use TLS with private trust roots -- lots of people do
>>>> this.  The problem is when people use TLS with no trust roots at all.
>>> If by "lots" you mean too many to get them all together for beer night
>>> -- yes. But the kind of technical know-how is in short supply, and
>>> caring about this even among those with technical know-how is also thin
>>> on the ground.
>>>
>>> I'm sure there are thousands of people who use TLS with private trust
>>> roots, as well as thousands of companies. But that's a small portion of
>>> people and companies, and the rest of us also need stuff that works.
>>
>> Do you mean that the rest of us need to write mobile apps that appear to
>> work but are, in fact, insecure?
>
> No. Those of us who write mobile apps need the know-how, and can and should get it. And they should be able to configure a common library to be secure according to their needs. That does not mean that this library should not have any other modes.

Empirically they don't.

Note that I changed my straw-man language to allow an insecure mode.
But I still think that, in any sane TLS implementation, it must be
crystal clear that, by turning off verification, you are doing
something completely insecure.  Insecure-by-default is crap and should
end.

>>
>> I think that the rest of us actually need a TLS library that doesn't
>> suck and an easy and foolproof way to create and use a CA key, CA cert,
>> and server keypair.
>
> OpenSSL scripts are a Google search away. XCA is free and available for all platforms. The more irritating part is dealing with revocation.

XCA looks decent.  The OpenSSL scripts that are a Google search away
AFAICT mostly suck or are at the very least written by people who
don't know what they're talking about.

--Andy

v2.23.0 | Report a Bug | By Email